Expose SENTRY_AUTH_TOKEN for frontend build #413
Conversation
|
Preview: https://packit-dashboard-pr-413.surge.sh (deployed at Tue 04 Jun 2024, 07:47 UTC) |
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 49s |
There was a problem hiding this comment.
I looked things up and didn't see anything that we could utilize to make this foolproof. But no one would be able to get the secret that easily luckily. It's only something that can be accessed from within the repo
As for the secret itself, when we add it we should make sure it's unique to this specific repo and not a generic Packit one that is used everywhere. Means less work if it ends up leaked in a log somewhere as we just have to disable it for this repo
| @@ -42,6 +42,11 @@ jobs: | |||
| echo "commit_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |||
| id: branch_tag | |||
|
|
|||
| - name: Set up secret file needed for the build | |||
| run: echo "$SENTRY_AUTH_TOKEN" > /tmp/sentry-secret | |||
There was a problem hiding this comment.
So that's the reason why GitLab allows to have secrets mounted as files :D
lbarcziova
force-pushed
the
build-sentry-auth-token
branch
from
c294d27
to
02bad20
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 47s |
Followup of #410
I would like to avoid writing the secret into a file, but the
buildahversion in the action doesn't support env vars. Therefore open to any suggestions and opening it as draft 🙏